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DETAILED ACTION 

1 . This action is responding to application papers filed on 4-12-2004. 

2. Claims 1, 4 - 21, 23 - 25, 27 - 29, 31, 32, 34 - 37, 39 - 42, 44 - 47 are pending. 

Claims 1, 4 - 7, 21, 23 - 25, 27 - 29, 31, 32, 34 - 37, 39 - 42, 44 - 47 have been 
amended. Claims 2, 3, 22, 26, 30, 33, 38, 43 have been cancelled. Claims 1, 8, 18, 
21, 25, 29 are independent. 

Response to Arguments 

3. Applicant's arguments filed 5/23/2008 have been fully considered but they are 
persuasive. Therefore, a new ground of rejection has been entered: 

Claims 1,4-7,21,23-25, 27- 29, 31, 32, 34 - 37, 39 - 42, 44 - 47 are rejected 
under 35 U.S.C. 103 (a) as being unpatentable over Bosler et al. (US Patent No. 
20050010757) in view of Kinnis et al. (US Patent No. 6,959,382). 

Claims 8 - 20 are rejected under 35 U.S.C. 103 (a) as being unpatentable over 
Bosler-Kinnis and further in view of Sudia et al. (US Patent No. 20020013898). 

Responses: 

3.1 Applicant argues that the referenced prior art does not disclose, "security 
information defining a number of required signatures and required principals", (see 
Remarks Page 15, 17) 

There is no disclosure for the claim limitation defining a parameter indicating a 
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number of required signatures and required principals. See the 112 rejection. The 
Bosier prior art discloses that digital signature information used for authentication is 
transferred between network connected nodes, (see Bosier paragraph [0058], lines 21- 
28: receive security information with directive (i.e. command, management message); 
paragraph [0058], lines 5-14: digital signature authentication; paragraph [0069], lines 1- 
5: apply directives or commands after authentication) 

3.2 Applicant argues that the referenced prior art does not disclose, "verifying that two 
or more signatures are valid", (see Remarks Page 15) 

The Bosier prior art discloses a network management system for the management 
of interconnected network entities or nodes. The BosSer prior art discloses a public key 
infrastructure and digital signature as an authentication mechanism. And, the Bosier 
prior art discloses the completion of authentication before configuration commands or 
directives are processed by a second management. 

The Bosier prior art discloses the authentication or verification of a digital signature 
(hash), (see Bosier paragraph [0078], Sines 1-15: if first hash matches second hash, 
then authentication successful) The Kinnis prior art discloses the authentication (or 
verification) of more than one digital signatures, (see Kinnis col. 10, lines 38-67: 
authentication (verification) of multiple signatures) 

3.3 Applicant argues that the referenced prior art does not disclose, "digital signatures 
have collective authority", (see Remarks Page 15) 

There is no disclosure of the term "collective authority" in the specification or the 



Application/Control Number: 10/822,927 Page 4 

Art Unit: 2136 

original claims. The specification in pages 10, 24 discloses the term "combined 
authority". The Bosler prior art discloses the usage of digital signatures for 
authentication or verification. This "combined authority" is equivalent to a determination 
of whether an entity is authorized. The Bosier prior art discloses whether an entity is 
authorized to make a configuration change, (see Bosler paragraph [0Q7S], lines 1-15: if 
both hash values match, then, the message (configuration directive) is authentication 
(verified, authorized) and can be processed) And, the Kinnis prior art discloses the 
usage of more than one digital signature in authentication. Each additional digital 
signature is verified or authorized (equivalent to combined authority), (see Kinnis col. 
10, lines 38-67: authentication (verification) of multiple signatures) 

3.4 Applicant argues that the referenced prior art does not disclose, "applying the 
configuration directive only when the configuration information has the number of 
required signatures by the required principals", (see Remarks Page 16) 

As indicated before there is no disclosure for a parameter to indicate a number of 
required digital signatures or required principals. The Bosler prior art discloses the 
transfer of security information such as digital signatures used for authentication and the 
application of network management directives, (see Bosier paragraph [0058], lines 21- 
28: transfer security information with directive (i.e. command, management message)); 
(see Bosier paragraph [0058], lines 5-14: digital signature authentication; paragraph 
[0069], lines 1-5: apply directives or commands after authentication) 

The Kinnis prior art discloses that when the second digital signature is appended, 
the integrity of the first digital signature is maintained. The only reason to mention this 
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is to verify the authentication of both the first and second digitai signatures, (see Kinnis 
The term, "collective authority", is not disclosed in the specification or the original 
claims. The specification in paragraph [0030] discloses a concept of combined 
authority, which is equivalent to authentication for more than one digital signature. The 
Kinnis prior art discloses authentication of more than one digitai signature, (see Kinnis 
col. 10, lines 38-67: authentication (verification) of multiple signatures) 

3.5 Applicant argues that the referenced prior art does not disclose, Kinnis expressly 
teaches against verifying that two or more users have collective authority, (see 
Remarks Page 18) 

There is no disclosure in the Kinnis prior art to discredit or discourage the usage of 
any type of combined authority. Therefore, the Kinnis prior art does not teach away 
from the usage of combined authority in the authentication process. The Kinnis prior 
art discloses the authentication of multiple signatures. The Kinnis prior art discloses 
that when two digitai signatures are utilized the first digital signature's integrity is 
maintained. The first digital signature's integrity is maintained to ensure it is used for 
authentication along with the second digital signature. 

The Bosier prior art discloses whether an entity is authorized to make a 
configuration change, (see Bosier paragraph [0078]: if both hash values match, then, 
the message (configuration directive) is authentication and can be processed) And, the 
Kinnis prior art discloses the usage of more than one digitai signature in authentication. 
Each additional digital signature is verified or authorized (equivalent to combined 
authority), (see Kinnis col. 10, Sines 38-67: authentication (verification) of multiple 
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signatures) 

Applicant admits that the digital signatures are used to verify the integrity of the 
documents (messages) and the authenticity of the user, (see Remarks Pages 18) 

Claim Rejections - 35 (JSC § 101 

4. The 101 rejection has been withdrawn. 

Claim Rejections - 35 (JSC § 112 

5. The previous 112 rejection has been withdrawn. And, a new 112 rejection has 
been entered. 

6. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such fu!!, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

7. Claims 1, 21, 25, 29 are rejected under 35 U.S.C. 112, first paragraph, as failing 
to comply with the written description requirement. The ciaim(s) contains subject matter 
which was not described in the specification in such a way as to reasonably convey to 
one skilled in the relevant art that the inventor(s), at the time the application was filed, 
had possession of the claimed invention. There is no disclosure for the claim limitation 
"defining a number of required signatures and required principals" in the specification or 
the original claims. There is no disclosure for a parameter or other information 
indicating a number of required signatures and a number of associated principals. The 
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specification merely indicates that one or more digital signatures are received. 

There is no disclosure of the term "collective authority" in the specification or the 
original claims. The specification in pages 10, 24 discloses the term "combined 
authority". Bosler discloses the usage of the digital signatures for authentication. This 
"combined authority" is equivalent to a determination of whether an entity is authorized. 
Appropriate correction required. 

Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art 
are such that the subject matter as a whole would have been obvious at the time the invention was made 
to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

9. Claims 1,4-7, 21,23-25, 27- 29, 31, 32, 34 - 37, 39 - 42, 44 - 47 are rejected 
under 35 U.S.C. 103 (a) as being unpatentable over Bosler et al. (US Patent No. 
20050010757) in view of Kinnis et al. (US Patent No. 6,959,382). 

With Regards to Claims 1, 21, 25, Bosler discloses a method, a computer-readable 

volatile or non-volatile medium storing, one or more sequences of instructions, 
apparatus comprising the computer implemented steps of: 

a) receiving trust information defining one or more trusted signatories; (see Bosler 
paragraph [0058], lines 5-7: public/private key pairs; paragraph [0060], lines 1-6: 
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CAs (i.e. trusted signatories) distributing or granting certificates, received by 
user) 

b) receiving, in association with a particular configuration directive, security 
information defining a num ber of re quired signatures and required principals: 
(see Bosler paragraph [0058], iines 21-28: receive security information with 
directive (i.e. command, management message); paragraph [0058], iines 5-14: 
digital signature authentication; there is no disclosure for a parameter indicating a 
number or count of signatures) 

c) receiving configuration information comprising a hostname, one or more 
configuration directives for a host network element associated with the 
hostname, and one or more digital signatures of the hostname and configuration 
directives; (see Bosler paragraph [0058], lines 5-14: management (i.e. 
configuration) information transferred between manager and client, digital 
signature verification required) 

d) wherein th e configuration information includes the particular configuration 
directive; (see Bosler paragraph [0058], lines 21-28: receive security information 
with directive (i.e. command, management message)) (see Bosler paragraph 
[0058], iines 21-28: receive (transfer) security information with directives (i.e. 
command, management message)); 

e) attempting to verify the one or more digital signatures based on the trust 
information; (see Bosler paragraph [0008], lines 7-13: verification digital signature 
based on certificates received from CA (i.e. trust information)) 
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g) applying the configuration directives to the host network element only when the 
two of more digital signatures are verified successfully, (see Bosler paragraph 
[0057], lines 29-33: utilize directives or commands after digital signature 
verification) 

h) wherein applying the configuration directives comprises applying the particular 
configuration directive only when the configuration information has the number of 
required signatures by the required principals , (see Bosler paragraph [0058], 
lines 21-28: receive security information with directive (i.e. command, 
management message); digital signature information (associated principals 
information); paragraph [0058], lines 5-14: digital signature authentication; 
paragraph [0069], lines 1-5: apply directives or commands after authentication; 
there is no disclosure for a parameter to indicate the number of required 
signatures by the required principals) 

Bosler discloses wherein verifying that one or more digital signatures, from the one 
or more digital signatures, are valid and that two or more principals respectively 
associated with the two or more digital signatures have collective authority to 
perform the configuration directives on the host network element; (see Bosler 
paragraph [0008], lines 7-13; paragraph [0078], lines 7-15: management information, 
verify digital signature) 
However, Kinnis discloses: 

f) verifying that two or more digital signatures are valid, (see Kinnis col. 10, lines 
38-67: verify multiple signature (first, second) authenticated; col. 3, lines 3-24: 
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first, second digital signatures for content, any number of signatures may be 
added (integrity of first signature maintained when second signature appended; 
only usage for digital signature is verification or authentication of an entity or 
user); col. 3, lines 28-30: used for authentication (verification) purposes; col. 4, 
lines 25-27: content of any type can be protected with digital signature; col. 4, 
lines 31-34: certificate from Certificate Authority (CA)) 
It would have been obvious to one of ordinary skill in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26: "... Accordingly, it is desirable to provide 
a means to generate digital signatures that are not specific to an application, such as 
an email client. The digital signature service also provides the functionality to obtain 
certificates, manage private-public keys, and generate digital signatures for 
documents that may be stored independent of other tools used by the user. ... ") 

With Regards to Claim 4, Bosler discloses a method as recited in Claim 1 , 

a) wherein applying the p articular confi guration directive comprises applying the 
particular configuration directive only when the configuration information has the 
number of required signatures by the required principals and only upon 
successively validating all required signatures, (see Bosler paragraph [0058], 
lines 5-14: digital signature authentication; paragraph [0069], lines 1-5: apply 
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directives or commands after authentication) 

With Regards to Claim 5, Bosler discloses a method as recited in claim 1 , wherein the 
digital signatures use public key cryptography, and wherein public keys for the digital 
signatures are stored on the host, (see Bosler paragraph [0073], lines 4-7: security 
information stored in central location (i.e. host system), (i.e. option, each individual 
system or host)) 

Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); col. 3, lines 28-30: 
used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26) 

With Regards to Claim 6, Bosler discloses a method as recited in Claim 1 , wherein the 
digital signatures use public key cryptography, wherein public keys for the digital 
signatures are stored on a key server and retrieved from the key server as part of 
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attempting to validate the digital signatures, (see Bosler paragraph [0007], lines 6-8: 
public key cryptography authentication; paragraph [0073], lines 4-7; paragraph [0060], 
lines 1-6: security information stored in central location or in each individual system or 
host, certification server (i.e. key server)) 

Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user): col. 3, lines 28-30: 
used for authentication (verification) purposes) 

St would have been obvious to one of ordinary ski!! in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26) 

With Regards to Claim 7, Bosler discloses a method as recited in Claim 1 , wherein the 
digital signatures use public key cryptography, and wherein public keys for the digital 
signatures are received in a digital certificate and extracted from the digital certificate as 
part of attempting to validate the digital signatures, (see Bosler paragraph [0058], lines 
5-7: public/private key pair; paragraph [0060], lines 1-6: Certificate Authority (CA) , 
public key certificate; paragraph [0008], lines 7-13: verification (i.e. validation) with 
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digital signature) 

Bosier does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); col. 3, lines 28-30: 
used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skill in the art to modify Bosier to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26) 

With Regards to Claims 23, 31, Bosier discloses a computer-readable volatile or non- 
volatile medium, apparatus as recited in any of Claims 21 , 29, wherein the digital 
signatures comprise a first digital signature of the one or more configuration directives 
by a first user, and a second digital signature by a second user, wherein the second 
digital signature is applied to a resultant of the first digital signature, (see Bosier 
paragraph [0078], lines 7-15: comparison (i.e. is applied) of resultant hashes (i.e. digest, 
digital signature) for authentication) 

Bosier does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
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first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); col. 3, lines 28-30: 
used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26) 

With Regards to Claims 24, 32, Bosler discloses a method, computer-readable volatile 
or non-volatile medium, apparatus as recited in any of Claims 21 , 29, wherein the digital 
signatures comprise a first digital signature of a first portion of the one or more 
configuration directives by a first user, a second digital signature of a second portion of 
the one or more configuration directives by a second user, and a third digital signature 
by a third user, wherein the third digital signature is applied to a resultant of the first 
digital signature and the second digital signature, (see Bosler paragraph [0078], lines 7- 
15: comparison (i.e. is applied) of resultant hashes (i.e. digest, digital signature) for 
authentication) 

Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
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(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); coi. 3, lines 28-30: 
used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col, 2, lines 20-26) 

With Regards to Claim 27, Bosler discloses an apparatus as recited in Claim 25, 
wherein the digital signatures comprise a first digital signature of the one or more 
configuration directives by a first user, and a second digital signature by a second user, 
wherein the second digital signature is applied to a resultant of the first digital signature, 
(see Bosler paragraph [0078], lines 7-15: comparison (i.e. is applied) of resultant 
hashes (i.e. digest, digital signature) for authentication) 
Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis coi. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); col. 3, lines 28-30: 
used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
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utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26) 

With Regards to Claim 28, Bosler discloses an apparatus as recited in Claim 25, 
wherein the digital signatures comprise a first digital signature of a first portion of the 
one or more configuration directives by a first user, a second digital signature of a 
second portion of the one or more configuration directives by a second user, and a third 
digital signature by a third user, wherein the third digital signature is applied to a 
resultant of the first digital signature and the second digital signature, (see Bosler 
paragraph [0078], lines 7-15: comparison (i.e. is applied) of resultant hashes (i.e. digest, 
digital signature) for authentication) 

With Regards to Claim 29, Bosler discloses an apparatus for verifying configuration 
changes for network devices using digital signatures, comprising: a network interface 
that is coupled to the data network for receiving one or more packet flows therefrom; 

a) a processor; (see Bosler paragraph [0067], lines 4-8: processor) 

one or more stored sequences of instructions which, when executed by the 
processor, cause the processor to carry out the steps of: 

b) receiving trust information defining one or more trusted signatories; (see Bosler 
paragraph [0058], lines 5-7: public/private key pairs; paragraph [0060], lines 1-6: 
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CAs (i.e. trusted signatories) distributing or granting certificates, received by 
user) 

c) receiving configuration information comprising a hostname, one or more 
configuration directives for a host network element associated with the 
hostname, and one or more digital signatures of the hostname and configuration 
directives; (see Bosler paragraph [0058], lines 5-14: management (i.e. 
configuration) information transferred between manager and client, digital 
signature verification required) 

d) attempting to verify the one or more digital signatures based on the trust 
information; (see Bosler paragraph [0008], lines 7-13: verify digital signature) 

e) verifying that two or more digital signatures, from the one or more digital 
signatures, are valid and that two or more principals respectively associated with 
the two or more digital signatures have collective authority to perform the 
configuration directives on the host network element; (see Bosler paragraph 
[0008], lines 7-13: verify digital signature) 

f) applying the configuration directives to the home network element only when the 
one or more digital signatures are verified successfully, (see Bosler paragraph 
[0058], lines 5-14; paragraph [0069], lines 1-5: signature verification, process 
directive) 

Bosler discloses wherein verifying that one or more digital signatures, from the one 
or more digital signatures, are valid and that two or more principals respectively 
associated with the two or more digital signatures have collective authority to 
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perform the configuration directives on the host network element; (see Bosler 
paragraph [0008], lines 7-13; paragraph [0078], lines 7-15: management information, 
verify digital signature) 
However, Kinnis discloses: 

e) verifying that two or more digital signatures, from the one or more digital 
signatures, are valid, (see Kinnis col. 3, lines 3-24: first, second digital 
signatures for content, any number of signatures may be added; col. 3, lines 28- 
30: used for authentication purposes; col. 4, lines 25-27: content of any type can 
be protected with digital signature; col. 4, lines 31-34: certificate from Certificate 
Authority (CA)) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
enable the capability to utilize multiple digital signatures as taught by Kinnis. One of 
ordinary skill in the art would have been motivated to employ the teachings of Kinnis 
in order to obtain certificates, keys, and generate digital signatures that may be 
stored independent of other tools, (see Kinnis col. 2, lines 20-26) 

With Regards to Claims 34, 39, 44, Bosler discloses a computer-readable volatile or 
non-volatile medium, apparatus as recited in Claims 21 , 25, 29, further comprising 
instructions which, when executed by the one or more processors, cause the one or 
more processors to perform the steps of: receiving, in association with a particular 
configuration directive, security information defining a number of required signatures 
and required principals; applying the particular configuration directive only when the 
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configuration information has the number of required signatures by the required 
principals and only upon successively validating all required signatures, (see Bosler 
paragraph [0058], lines 5-7: public/private key pair; paragraph [0060], lines 1-6: 
Certificate Authority (CA) , public key certificate; paragraph [0008], lines 7-13; 
paragraph [0078], lines 7-15: verification (i.e. validation) with digital signature(s); 
paragraph [0057], lines 23-28; paragraph [0066], lines 1-4: software, implementation 
means) 

With Regards to Claims 35, 40, 45, Bosler discloses a computer-readable volatile or 
non-volatile medium, apparatus as recited in Claims 21 , 25, 29, wherein the digital 
signatures use public key cryptography, and wherein public keys for the digital 
signatures are stored on the host network element, (see Bosler paragraph [0073], lines 
4-7: security information stored in central location (i.e. host system), (i.e. option, each 
individual system or host); paragraph [0057], lines 23-28; paragraph [0066], lines 1-4: 
software, implementation means) 

Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); col. 3, lines 28-30: 
used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
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utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26) 

With Regards to Claims 36, 41, 46, Bosler discloses a computer-readable volatile or 
non-volatile medium, apparatus as recited in Claims 21 , 25, 29, wherein the digital 
signatures use public key cryptography, wherein public keys for the digital signatures 
are stored on a key server and retrieved from the key server as part of attempting to 
validate the digital signatures, (see Bosler paragraph [0007], lines 6-8: public key 
cryptography authentication; paragraph [0073], lines 4-7; paragraph [0060], lines 1-6: 
security information stored in central location or in each individual system or host, 
certification server (i.e. key server); paragraph [0057], lines 23-28; paragraph [0066], 
lines 1-4: software, implementation means) 

Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); col. 3, lines 28-30: 
used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
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would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26) 

With Regards to Claims 37, 42, 47, Bosler discloses a computer-readable volatile or 
non-volatile medium, apparatus as recited in Claims 21 , 25, 29, wherein the digital 
signatures use public key cryptography, and wherein public keys for the digital 
signatures received in a digital certificate and extracted from the digital certificate as 
part of attempting to validate the digital signatures, (see Bosler paragraph [0058], lines 
5-7: public/private key pair; paragraph [0060], lines 1-6: Certificate Authority (CA) , 
public key certificate; paragraph [0008], lines 7-13: verification (i.e. validation) with 
digital signature; paragraph [0057], lines 23-28; paragraph [0066], lines 1-4: software, 
implementation means) 

Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis coi. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); coi. 3, lines 28-30: 
used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
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certificates., keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26) 

10. Claims 8 - 20 are rejected under 35 U.S.C. 103 (a) as being unpatentable over 
Bosler-Kinnis and further in view of Sudia et a!. (US Patent No. 20020013898). 

With Regards to Claim 8, Bosler discloses a method, comprising the computer 
implemented steps of: 

a) receiving a public key for a user of the network devices; receiving trust 
information defining one or more trusted signatories; (see Bosler paragraph 
[0058], lines 5-7: public/private key pairs; paragraph [0060], lines 1-6: CAs (i.e. 
trusted signatories) distributing or granting certificates) 

b) receiving configuration control information that includes a time period during 
which a valid digital signature is required for applying one or more particular 
configuration directives; (see Bosler paragraph [0071], lines 1-13; paragraph 
[0073], lines 77-22: time-based certificate, directive authentication) 

Bosler and Sudia disclose: 

c) receiving configuration information comprising a hostname, one or more 
configuration directives for a host network element associated with the 
hostname, one or more digital signatures of the hostname and configuration 
directives, (see Bosler paragraph [0058], lines 5-14: management (i.e. 
configuration) information transferred between manager and client, digital 



Application/Control Number: 10/822,927 Page 23 

Art Unit: 2136 

signature verification required) and a date time value; (see Sudia paragraph 
[0249], lines 1-14: time limit (expiration period) for certificate (key information)) 

d) determining if the date time value is within the time period; (see Sudia paragraph 
[0249], lines 1-14: time limit (expiration period) for certificate (key information))- 

e) determining if the one or more configuration directives have been previously 
received; (see Bosler paragraph [0069], lines 1-5: process configuration 
directive(s), commands) during the time period (see Sudia paragraph [0249], 
lines 1-14: time limit (expiration period) for certificate (key information)) and 

f) only when the date time value is within the time period (see Bosler paragraph 
[0073], lines 17-22: time based certificate) and the one or more configuration 
directives have not been previously received during the time period, attempting to 
verify the one or more digital signatures based on the trust information, and 
applying the configuration directives to a network element only when the one or 
more digital signatures are verified successfully, (see Sudia paragraph [0249], 
lines 1-14: time limit (expiration period) for certificate (key information)) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
use a time period to limit usage of the security information as taught by Sudia. One 
of ordinary skill in the art would have been motivated to employ the teachings of 
Sudia to provide a robust and easy-to-use mechanism in which authorizing agents 
can temporarily delegate their authorizing capability based on a time period, (see 
Sudia paragraph [001 1], lines 1-4: " ... A further object of the present invention is to 
provide a robust and easy-to-use mechanism in which authorizing agents can 
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temporarily delegate their authorizing capability. . . . ") 

With Regards to Claims 9, 10, Bosler discloses a method as recited in Claim 8, 
wherein the step of determining if the one or more configuration directives have been 
previously received during the time period comprises the steps of 

a) generating a secure hash of the one or more configuration directives; (see Bosler 
paragraph [0078], lines 3-15: generate secure hash value for authentication) 

b) determining if the secure hash is found in non volatile memory, (see Bosler 
paragraph [0078], lines 3-15; paragraph [0067], lines 4-8: memory, workspace for 
data processing: memory (i.e. non-volatile)) 

With Regards to Claim 11, Bosler discloses a method as recited in Claim 8, further 
comprising the step of storing the secure hash in non volatile memory, and the one or 
more configuration directives have not been previously received during the time period, 
(see Bosler paragraph [0067], lines 4-8: memory, workspace for data processing; 
paragraph [0078], lines 3-15: hash (i.e. digest) values utilized for authentication) 
Bosler does not specifically disclose wherein association with an expiration value, when 
the date time value is within the time period. However, Sudia discloses wherein 
association with an expiration value, when the date time value is within the time period, 
(see Sudia paragraph [0249], lines 1-14: time limit (expiration period) for certificate (key 
information)) 

It would have been obvious to one of ordinary ski!! in the art to modify Bosler to use 
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a time period to limit usage of the security information as taught by Sudia. One of 
ordinary skill in the art would have been motivated to employ the teachings of Sudia to 
provide a robust and easy-to-use mechanism in which authorizing agents can 
temporarily delegate their authorizing capability based on a time period, (see Sudia 
paragraph [0011], lines 1-4) 

With Regards to Claim 12, Bosler discloses a method as recited in Claim 8, further 
comprising the steps of verifying that the one or more digital signatures is valid and that 
one or more principals respectively associated with the digital signatures have collective 
authority to perform the directives on the host, (see Bosler paragraph [0058], lines 5-14: 
mutual authentication required before directive(s) or command(s) implemented) 

With Regards to Claims 13, 14, Bosler discloses a method as recited in Claim 8, 
further comprising the steps of 

a) receiving, in association with a particular configuration directive, security 
information defining a number of required signatures and required principals; 
(see Bosler paragraph [0058], lines 21-28: key, security information received with 
directive or command) 

b) applying the particular configuration directive only when the configuration 
information has the number of required signatures by the required principals and 
only upon successively validating all required signatures, (see Bosler paragraph 
[0058], lines 5-14; paragraph [0069], lines 1-5: validate digital signature, process 
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directive or command) 

With Regards to Claim 15, Bosler discloses a method as recited in claim 1 , wherein 
the digital signatures use public key cryptography, and wherein public keys for the 
digital signatures are stored on the host, (see Bosler paragraph [0073], lines 4-7: 
security information stored in central location (i.e. host system), (i.e. option, each 
individual system or host)) 

Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); col. 3, lines 28-30: 
used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26) 

With Regards to Claim 16, Bosler discloses a method as recited in Claim 1 , wherein 
the digital signatures use public key cryptography, wherein public keys for the digital 
signatures are stored on a key server and retrieved from the key server as part of 
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attempting to validate the digital signatures, (see Bosler paragraph [0007], lines 6-8: 
public key cryptography authentication; paragraph [0073], lines 4-7; paragraph [0060], 
lines 1-6: security information stored in central location or in each individual system or 
host, certification server (i.e. key server)) 

Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user): col. 3, lines 28-30: 
used for authentication (verification) purposes) 

St would have been obvious to one of ordinary ski!! in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26) 

With Regards to Claim 17, Bosler discloses a method as recited in Claim 1 , wherein 
the digital signatures use public key cryptography, and wherein public keys for the 
digital signatures are received in a digital certificate and extracted from the digital 
certificate as part of attempting to validate the digital signatures, (see Bosler paragraph 
[0058], lines 5-7: public/private key pair; paragraph [0060], lines 1-6: Certificate 
Authority (CA) , public key certificate; paragraph [0008], lines 7-13: verification (i.e. 
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validation) with digital signature) 

Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); col. 3, lines 28-30: 
used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26) 

With Regards to Claim 18, Bosler discloses a method for verifying configuration 
changes for network devices using digital signatures, comprising the computer 
implemented steps of: 

a) receiving a public key for a user of the network devices; (see Bosler paragraph 
[0058], lines 5-7: public/private key pairs; paragraph [0060], lines 1-6: CAs (i.e. 
trusted signatories) distributing or granting certificates (i.e. public key certificate), 
received by user) 

b) receiving configuration control information that includes a time period during 
which a valid digital signature is required for applying one or more particular 
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configuration directives to a specified network device; (see Bosler paragraph 
[0071], lines 1-13; paragraph [0073], lines 17-22: time based certificate) 

c) receiving configuration information comprising a hostname, one or more 
configuration directives for the specified network device associated with the 
hostname, one or more digital signatures of the hostname and configuration 
directives, and a date time value; (see Bosler paragraph [0058], lines 5-14: 
management (i.e. configuration) information transferred between manager and 
client, digital signature verification required) 

e) determining if the one or more configuration directives have been previously 
received during the time period, by generating a secure hash of the one or more 
configuration directives and determining if the secure hash is found in memory; 
(see Bosler paragraph [0078], lines 3-15: hash (i.e. digest) utilized) and 

performing the steps of: 

g) attempting to verify the one or more digital signatures based on generating a 
secure hash of the one or more configuration directives using the public key and 
comparing the secure hash to the one or more digital signatures, and applying 
the configuration directives to a network element only when the one or more 
digital signatures are verified successfully, (see Bosler paragraph [0078], lines 3- 
15: hash generation, authentication) 

Sudia disclose: 

d) determining if the date time value is within the time period; (see Sudia paragraph 
[0249], lines 1-14: time limit (expiration period) for certificate (key information)) 
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f) only when the date time value is within the time period and the one or more 
configuration directives have not been previously received during the time period, 

(see Sudia paragraph [0249], lines 1-14: time limit (expiration period) for 

certificate (key information)) 
It would have been obvious to one of ordinary skill in the art to modify Bosler to 
use a time period to limit usage of the security information as taught by Sudia. One 
of ordinary skill in the art would have been motivated to employ the teachings of 
Sudia to provide a robust and easy-to-use mechanism in which authorizing agents 
can temporarily delegate their authorizing capability based on a time period, (see 
Sudia paragraph [0011], lines 1-4) 

With Regards to Claim 19, Bosler discloses a method, as recited in any of Claims 18, 
wherein the digital signatures comprise a first digital signature of the one or more 
configuration directives by a first user, and a second digital signature by a second user, 
wherein the second digital signature is applied to a resultant of the first digital signature, 
(see Bosler paragraph [0078], lines 7-15: comparison (i.e. is applied) of resultant 
hashes (i.e. digest, digital signature) for authentication) 
Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user): col. 3, lines 28-30: 



Application/Control Number: 10/822,927 Page 31 

Art Unit: 2136 

used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skiii in the art to modify Bosler to 
utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26) 

With Regards to Claim 20, Bosler discloses a method, as recited in any of Claim 18, 
wherein the digital signatures comprise a first digital signature of a first portion of the 
one or more configuration directives by a first user, a second digital signature of a 
second portion of the one or more configuration directives by a second user, and a third 
digital signature by a third user, wherein the third digital signature is applied to a 
resultant of the first digital signature and the second digital signature, (see Bosler 
paragraph [0078], lines 7-15: comparison (i.e. is applied) of resultant hashes (i.e. digest, 
digital signature) for authentication) 

Bosler does not specifically disclose the usage of two or more digital signatures. 
However, Kinnis discloses two or more digital signatures, (see Kinnis col. 3, lines 3-24: 
first, second digital signatures for content, any number of signatures may be added 
(integrity of first signature maintained when second signature appended; only usage for 
digital signature is verification or authentication of an entity or user); col. 3, lines 28-30: 
used for authentication (verification) purposes) 

It would have been obvious to one of ordinary skill in the art to modify Bosler to 
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utilize multiple digital signatures as taught by Kinnis. One of ordinary skill in the art 
would have been motivated to employ the teachings of Kinnis in order to obtain 
certificates, keys, and generate digital signatures that may be stored independent of 
other tools, (see Kinnis col. 2, lines 20-26) 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Carlton V. Johnson whose telephone number is 571- 
270-1032. The examiner can normally be reached on Monday thru Friday , 8:00 - 
5:00PM EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on 571-272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
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system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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